Lucene search
+L

3225 matches found

nessus
nessus
added 2026/06/23 12:0 a.m.6 views

RHEL 9 : redis:7 (RHSA-2026:28142)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28142 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...

8.8CVSS6.6AI score0.02995EPSS
Exploits0References4
nessus
nessus
added 2026/06/23 12:0 a.m.18 views

RHEL 9 : redis (RHSA-2026:28139)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28139 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...

8.8CVSS6.6AI score0.02995EPSS
Exploits0References4
osv
osv
added 2026/06/22 7:28 p.m.3 views

GO-2026-5064 containerd CRI checkpoint restore CDI annotation smuggling in github.com/containerd/containerd

containerd CRI checkpoint restore CDI annotation smuggling in github.com/containerd/containerd...

9.6CVSS5.8AI score0.00412EPSS
Exploits0References1
nvd
nvd
added 2026/06/22 4:16 p.m.9 views

CVE-2026-41048

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS0.00133EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/22 3:31 p.m.34 views

CVE-2026-41048 Caching of Authentication allows Authentication Bypass in qSnapper

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS0.00133EPSS
Exploits0References3
euvd
euvd
added 2026/06/22 3:31 p.m.8 views

EUVD-2026-38272

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References3
cve
cve
added 2026/06/22 3:31 p.m.20 views

CVE-2026-41048

CVE-2026-41048 describes an authentication caching bug in qSnapper prior to version 1.3.3 where caching between different polkit methods could allow a local attacker to perform privileged actions (e.g., restore from a snapshot) even when the user should only be able to delete snapshots. Affected ...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/06/22 3:31 p.m.6 views

CVE-2026-41048 Caching of Authentication allows Authentication Bypass in qSnapper

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References3
osv
osv
added 2026/06/22 3:31 p.m.2 views

CVE-2026-41048 Caching of Authentication allows Authentication Bypass in qSnapper

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References6
redhat
redhat
added 2026/06/22 6:26 a.m.14 views

Important: Red Hat Security Advisory: redis:6 security update

An update for the redis:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

8.8CVSS6.6AI score0.02995EPSS
Exploits0References2
redhat
redhat
added 2026/06/22 6:26 a.m.7 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References6
redhat
redhat
added 2026/06/22 2:32 a.m.8 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/22 12:0 a.m.13 views

PT-2026-51335

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description Incorrect caching of authentication between different polkit PolicyKit, a component for controlling privileges in Unix-like operating systems methods allows a local attacker to perform unauthorized...

8.4CVSS5.8AI score0.00133EPSS
Exploits0References9
osv
osv
added 2026/06/19 9:42 p.m.9 views

GHSA-48X2-6PR9-2JJF Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data

Summary EnvironmentManager.restoreenv, backupId computes the backup path with joinenvDir, '.backups', backupId and only checks that this path exists. It does not resolve the result or verify that it remains under data//.backups. A caller can pass a traversal backup ID such as...

6.1CVSS6AI score
Exploits0References4
snyk
snyk
added 2026/06/19 7:35 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization during the CRI checkpoint restore. An attacker can gain unauthorized access to resources by injecting arbitrary Container Device Interface CDI annotations into checkpoint image metadata, which are then trusted an...

9.6CVSS6AI score0.00412EPSS
Exploits0References2
osv
osv
added 2026/06/19 7:35 p.m.7 views

GHSA-33VJ-92QQ-66HC containerd CRI checkpoint restore CDI annotation smuggling

Impact containerd's CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive...

8.4CVSS6AI score0.00412EPSS
Exploits0References2
github
github
added 2026/06/19 7:35 p.m.10 views

Arbitrary host CRI log file read via symlink following in CRI checkpoint restore

Impact A bug was found in containerd where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. Patches This bug has been fixed in the following containerd versions: 2.3.2...

8.2CVSS6AI score0.00208EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/19 7:35 p.m.9 views

GHSA-RGH6-RFWX-V388 Arbitrary host CRI log file read via symlink following in CRI checkpoint restore

Impact A bug was found in containerd where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. Patches This bug has been fixed in the following containerd versions: 2.3.2...

7.1CVSS6AI score0.00208EPSS
Exploits0References2
snyk
snyk
added 2026/06/19 7:35 p.m.6 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in the CRI checkpoint restore plugin due to improper validation of symlinked paths. An attacker can access arbitrary files on the host by crafting a malicious checkpoint image and leveraging the...

8.2CVSS6AI score0.00208EPSS
Exploits0References2
nvd
nvd
added 2026/06/19 1:16 p.m.12 views

CVE-2026-56141

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible...

9.8CVSS0.00365EPSS
Exploits0References1
Rows per page
Query Builder